Enable Password Authentication for OpenVPN

Source: Internet
Author: User


1. Server Configuration

1. Modify the main OpenVPN configuration file and add the following content:

[root@ttt openvpn]# cat /etc/openvpn/server.conf | more

######### Auth password ########
script-security 3    # allow user scripts and passing passwords to them via the environment (needed for via-env)
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env    # the authentication script to run
client-cert-not-required    # do not request a client certificate; only user/pass authentication is used. If both certificate and password authentication are to be enabled, comment out this line.
username-as-common-name    # use the username provided by the client as the Common Name

############################

2. Place checkpsw.sh at the script path given in the configuration file.

[root@ttt openvpn]# cat checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.


PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
  exit 1
fi

# Look up the password stored for ${username}, skipping lines that start with ';' or '#'
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
  exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

3. Grant the script execute permission

[root@ttt openvpn]# chmod +x checkpsw.sh

4. Prepare the user name and password authentication file. Separate the user name and password with spaces and ensure that the user OpenVPN runs as can read the file.

[root@ttt openvpn]# cat psw-file
Client01 123456
Client02 123456789

For the sake of security, make the permissions on psw-file as restrictive as possible

[root@ttt openvpn]# chmod 400 psw-file

[root@ttt openvpn]# chown nobody.nobody psw-file

5. Restart the OpenVPN service
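
The lookup in checkpsw.sh above splices ${username} into the awk program text and writes rejected passwords to the log. The script below is an added example, not part of the original checkpsw.sh: the same psw-file check with the username handed to awk as data and passwords kept out of the log. The PASSFILE/LOG_FILE environment overrides and the LOOKUP_USER variable name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original checkpsw.sh. Same psw-file format.
# PASSFILE and LOG_FILE default to the page's paths and can be overridden
# from the environment (an assumption made here so the script is testable).
PASSFILE="${PASSFILE:-/etc/openvpn/psw-file}"
LOG_FILE="${LOG_FILE:-/var/log/openvpn-password.log}"

log() {
  printf '%s: %s\n' "$(date '+%Y-%m-%d %T')" "$1" >> "$LOG_FILE"
}

# check_user USERNAME PASSWORD: returns 0 on a match, 1 otherwise.
check_user() {
  if [ ! -r "$PASSFILE" ]; then
    log "Could not open password file \"$PASSFILE\" for reading."
    return 1
  fi
  # The name reaches awk through ENVIRON, so it is compared as data and is
  # never parsed as awk program text. Appending "" forces a string
  # comparison; otherwise awk may compare numeric-looking names as numbers.
  correct=$(LOOKUP_USER="$1" awk '
    !/^;/ && !/^#/ && ($1 "") == (ENVIRON["LOOKUP_USER"] "") { print $2; exit }
  ' "$PASSFILE")
  if [ -z "$correct" ]; then
    log "User does not exist: username=\"$1\"."
    return 1
  fi
  if [ "$2" = "$correct" ]; then
    log "Successful authentication: username=\"$1\"."
    return 0
  fi
  log "Incorrect password: username=\"$1\"."   # password deliberately not logged
  return 1
}

# OpenVPN's via-env method exports "username" and "password" to the script.
if [ -n "${username+set}" ]; then
  check_user "$username" "${password-}"
  exit $?
fi
```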

2. Modify the client configuration file and add the following line

auth-user-pass

3. Enable the Windows client for password authentication

